The Research Of Protocol Identification Based On The Linux Firewall

With the rapid development of Internet, especially the rapid development of cloud computing, network security issues has been growing concerned. Hackers have never stopped attacking the internet, the user’s data and information cannot get adequate protection, and some large-scale use of P2P software, the company’s bandwidth also constitute a considerable hazard, therefore, building a secure firewall to protect Internet user’s security is increasingly pay attention to. Traditional port-base and static characteristics of the protocol to identify ways to identify the rate is getting lower and lower, but more and more communications software using encrypted communications, which makes identification method relying on the traditional protocol, can no longer meet the needs of network security. It is based on the above situation, the present paper general agreement of both can be based on traditional identification methods to make identify, and advanced identification method to identify those difficult to identify the network protocol, such as encryption of the gmail mailbox. And ultimately build a Linux-based Netfilter firewall. The main work is as follows:Summarize the previous mode string recognition algorithm is proposed to a new model string recognition algorithm-reverse matching algorithm, and compared to the classic pattern matching algorithms such as AC, AC-BM algorithm, the target string for the same size of the text, identifying speed enhance100ms. In particularly, it is able to do quickly and accurately identify a large number of network packets.Encrypted network protocol characteristics gmail protocol encryption, for example, summarizes the typical characteristics of network packets, use the reverse matching algorithm for the design of stress tests on the characteristics of the gmail network protocol, that a large number of the flow of network packets, the test design algorithm identified gmail agreement.Characteristics of the encrypted network protocol analysis, gmail protocol encryption, for example, the typical characteristics of network packets, the use of reverse matching algorithm for the design, the third packet can be detected in the tcp connection encryption gmail protocol packets.The final of the system test verification, Webmail protocol IM software, some of the typical protocols through the wireshark packet capture analysis, summarizes some of the characteristics of the agreement string. Test results show that in terms of time or accuracy, the firewall can be designed to meet the identification requirements.